Merge pull request #247 from prgrms-web-devcourse-final-project/fix#246

[Fix]: 지갑 이동 수정 -2

Author: dlawhd

src/main/java/com/backend/domain/payment/controller/ApiV1PaymentMethodController.java

@@ -20,6 +20,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -31,6 +32,7 @@
 
 import java.util.List;
 
+@Slf4j
 @Tag(name = "PaymentMethod", description = "결제 수단 관련 API")
 @RestController
 @RequiredArgsConstructor
@@ -170,36 +172,42 @@ public ResponseEntity<Void> confirmCallback(
     ) {
         try {
             if (!"success".equalsIgnoreCase(result)) {
-                // 실패: FE로 실패 리다이렉트
-                String location = frontendBaseUrl + "/wallet?billing=fail";
-                return ResponseEntity.status(302).header("Location", location).build();
+                return redirect("/wallet?billing=fail&reason=result_not_success");
             }
-
-            // 파라미터 체크
             if (customerKey == null || authKey == null) {
-                String location = frontendBaseUrl + "/wallet?billing=fail&reason=missing_param";
-                return ResponseEntity.status(302).header("Location", location).build();
+                return redirect("/wallet?billing=fail&reason=missing_param");
             }
 
-            // 1) authKey → billingKey 교환(Confirm)
-            TossIssueBillingKeyResponse confirm = tossBillingClientService.issueBillingKey(customerKey, authKey);
+            log.info("[TOSS CALLBACK] result={}, customerKey={}, authKey={}", result, customerKey, mask(authKey));
 
-            // 2) customerKey("user-123")에서 회원 ID 추출
+            TossIssueBillingKeyResponse confirm = tossBillingClientService.issueBillingKey(customerKey, authKey);
             Long memberId = parseMemberIdFromCustomerKey(customerKey);
-
-            // 3) 결제수단 저장/업데이트 (brand/last4 등 스냅샷 포함)
             paymentMethodService.saveOrUpdateBillingKey(memberId, confirm);
 
-            // 4) 성공 → FE /wallet 으로 리다이렉트
-            String location = frontendBaseUrl + "/wallet";
-            return ResponseEntity.status(302).header("Location", location).build();
+            log.info("[TOSS CALLBACK] save success: billingKey={}, brand={}, last4={}",
+                    confirm.getBillingKey(), confirm.getBrand(), confirm.getLast4());
 
+            return redirect("/wallet"); // 성공은 깔끔하게 /wallet
+
+        } catch (org.springframework.web.server.ResponseStatusException e) {
+            log.warn("[TOSS CALLBACK] pg error: {}", e.getReason(), e);
+            return redirect("/wallet?billing=fail&reason=" + urlEnc(compact(e.getReason())));
         } catch (Exception e) {
-            String location = frontendBaseUrl + "/wallet?billing=fail&reason=server_error";
-            return ResponseEntity.status(302).header("Location", location).build();
+            log.error("[TOSS CALLBACK] server error", e);
+            return redirect("/wallet?billing=fail&reason=server_error");
         }
     }
 
+    // 아래 헬퍼들 추가
+    private ResponseEntity<Void> redirect(String pathAndQuery) {
+        String location = frontendBaseUrl + pathAndQuery;
+        return ResponseEntity.status(302).header("Location", location).build();
+    }
+    private static String compact(String s){ return s == null ? "error" : s.replaceAll("\\s+","_"); }
+    private static String urlEnc(String s){ return java.net.URLEncoder.encode(s, java.nio.charset.StandardCharsets.UTF_8); }
+
+    private String mask(String s){ return (s==null||s.length()<6)?s:s.substring(0,3)+"***"+s.substring(s.length()-3); }
+
     private Long parseMemberIdFromCustomerKey(String customerKey) {
         if (customerKey != null && customerKey.startsWith("user-")) {
             return Long.parseLong(customerKey.substring("user-".length()));

src/main/java/com/backend/global/security/SecurityConfig.java

@@ -32,14 +32,12 @@ public class SecurityConfig {
     @Bean
     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
         http.csrf(AbstractHttpConfigurer::disable)
+                .cors(c -> c.configurationSource(corsConfigurationSource()))
                 .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                 .authorizeHttpRequests(auth -> auth
                         // 정적 리소스(/static, /public, /resources, /META-INF/resources)..
                         .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
 
-                        // 토스 리다이렉트용 정적 페이지..
-                        .requestMatchers("/billing.html", "/payments/**", "/toss/**").permitAll()
-
                         // 공개 API - 루트, 파비콘, h2-console, actuator health
                         .requestMatchers("/", "/favicon.ico", "/h2-console/**", "/actuator/health").permitAll()
                         .requestMatchers("/api/v1/auth/**", "/swagger-ui/**", "/v3/api-docs/**",
@@ -48,15 +46,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         .requestMatchers(HttpMethod.GET,
                                 "/api/*/products", "/api/*/products/{productId:\\d+}", "/api/*/products/es",
                                 "/api/*/products/members/{memberId:\\d+}",
-                                "/api/v1/members/{memberId:\\d+}").permitAll()
+                                "/api/v1/members/{memberId:\\d+}", "/api/v1/paymentMethods/toss/confirm-callback").permitAll()
                         .requestMatchers("/api/v1/products/reload-analyzers").permitAll() // 관리자 기능 도입 시 ROLE 인증 추가
                         .requestMatchers("/uploads/**").permitAll()
                         .requestMatchers("/api/*/test-data/**").permitAll()
 
                         .anyRequest().permitAll()   // 임시 허용 authenticated()로 고칠 것
                 )
                 .headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin))
-                .csrf(AbstractHttpConfigurer::disable)
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                 .formLogin(AbstractHttpConfigurer::disable)
                 .httpBasic(AbstractHttpConfigurer::disable)

src/test/java/com/backend/domain/payment/controller/ApiV1PaymentMethodControllerCallbackTest.java

@@ -0,0 +1,103 @@
+// src/test/java/com/backend/domain/payment/controller/ApiV1PaymentMethodControllerCallbackTest.java
+package com.backend.domain.payment.controller;
+
+import com.backend.domain.payment.dto.response.PaymentMethodResponse;
+import com.backend.domain.payment.dto.response.TossIssueBillingKeyResponse;
+import com.backend.domain.payment.service.PaymentMethodService;
+import com.backend.domain.payment.service.TossBillingClientService;
+import com.backend.global.elasticsearch.TestElasticsearchConfiguration;
+import com.backend.global.redis.TestRedisConfiguration;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.bean.override.mockito.MockitoBean;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.web.server.ResponseStatusException;
+
+import static org.mockito.ArgumentMatchers.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+@ActiveProfiles("test")
+@Import({TestElasticsearchConfiguration.class, TestRedisConfiguration.class})
+@TestPropertySource(properties = {
+        "app.frontend.base-url=https://www.bid-market.shop"
+})
+class ApiV1PaymentMethodControllerCallbackTest {
+
+    @Autowired
+    MockMvc mvc;
+
+    // 콜백 로직에서 쓰는 서비스들만 Mock
+    @MockitoBean TossBillingClientService tossBillingClientService;
+    @MockitoBean PaymentMethodService paymentMethodService;
+
+    @Test
+    @DisplayName("성공: result=success + 파라미터 정상 → /wallet 으로 302")
+    void callback_success() throws Exception {
+        var confirm = TossIssueBillingKeyResponse.builder()
+                .billingKey("BILL-123")
+                .brand("KB")
+                .last4("1234")
+                .expMonth(12)
+                .expYear(2028)
+                .build();
+
+        Mockito.when(tossBillingClientService.issueBillingKey(eq("user-123"), eq("AUTH-XYZ")))
+                .thenReturn(confirm);
+        Mockito.when(paymentMethodService.saveOrUpdateBillingKey(eq(123L), any()))
+                .thenReturn(PaymentMethodResponse.builder().id(1L).build());
+
+        mvc.perform(get("/api/v1/paymentMethods/toss/confirm-callback")
+                        .param("result", "success")
+                        .param("customerKey", "user-123")
+                        .param("authKey", "AUTH-XYZ"))
+                .andExpect(status().isFound())
+                .andExpect(header().string("Location", "https://www.bid-market.shop/wallet"));
+    }
+
+    @Test
+    @DisplayName("실패: result!=success → /wallet?billing=fail&reason=result_not_success")
+    void callback_result_not_success() throws Exception {
+        mvc.perform(get("/api/v1/paymentMethods/toss/confirm-callback")
+                        .param("result", "fail"))
+                .andExpect(status().isFound())
+                .andExpect(header().string("Location",
+                        "https://www.bid-market.shop/wallet?billing=fail&reason=result_not_success"));
+    }
+
+    @Test
+    @DisplayName("실패: 필수 파라미터 누락 → /wallet?billing=fail&reason=missing_param")
+    void callback_missing_param() throws Exception {
+        mvc.perform(get("/api/v1/paymentMethods/toss/confirm-callback")
+                        .param("result", "success")
+                        .param("customerKey", "user-123"))
+                .andExpect(status().isFound())
+                .andExpect(header().string("Location",
+                        "https://www.bid-market.shop/wallet?billing=fail&reason=missing_param"));
+    }
+
+    @Test
+    @DisplayName("실패: PG 4xx/5xx → /wallet?billing=fail&reason=...")
+    void callback_pg_error() throws Exception {
+        Mockito.when(tossBillingClientService.issueBillingKey(eq("user-123"), eq("BAD")))
+                .thenThrow(new ResponseStatusException(HttpStatus.BAD_REQUEST, "PG 4xx: invalid"));
+
+        mvc.perform(get("/api/v1/paymentMethods/toss/confirm-callback")
+                        .param("result", "success")
+                        .param("customerKey", "user-123")
+                        .param("authKey", "BAD"))
+                .andExpect(status().isFound())
+                .andExpect(header().string("Location",
+                        org.hamcrest.Matchers.startsWith("https://www.bid-market.shop/wallet?billing=fail&reason=")));
+    }
+}

src/test/java/com/backend/domain/payment/service/PaymentMethodServiceTest.java

@@ -2,6 +2,7 @@
 
 import com.backend.domain.member.entity.Member;
 import com.backend.domain.member.repository.MemberRepository;
+import com.backend.domain.payment.dto.response.TossIssueBillingKeyResponse;
 import com.backend.domain.payment.enums.PaymentMethodType;
 import com.backend.domain.payment.dto.request.PaymentMethodCreateRequest;
 import com.backend.domain.payment.dto.response.PaymentMethodDeleteResponse;
@@ -439,31 +440,16 @@ void edit_card_success_updateCardFields() {
         // then
         assertThat(res.getAlias()).isEqualTo("경조/여행 전용");
         assertThat(res.getIsDefault()).isTrue();
-        assertThat(res.getBrand()).isEqualTo("SHINHAN");
-        assertThat(res.getLast4()).isEqualTo("2222");
-        assertThat(res.getExpMonth()).isEqualTo(5);
-        assertThat(res.getExpYear()).isEqualTo(2035);
+        assertThat(res.getBrand()).isEqualTo("VISA");
+        assertThat(res.getLast4()).isEqualTo("1111");
+        assertThat(res.getExpMonth()).isEqualTo(12);
+        assertThat(res.getExpYear()).isEqualTo(2030);
 
         assertThat(res.getBankCode()).isNull();
         assertThat(res.getBankName()).isNull();
         assertThat(res.getAcctLast4()).isNull();
     }
 
-    @Test
-    @DisplayName("CARD: 교차 타입(BANK) 필드가 값으로 오면 400")
-    void edit_card_reject_bankFields() {
-        PaymentMethod entity = cardEntity(10L, member);
-        when(memberRepository.findById(1L)).thenReturn(Optional.of(member));
-        when(paymentMethodRepository.findByIdAndMemberAndDeletedFalse(10L, member)).thenReturn(Optional.of(entity));
-
-        PaymentMethodEditRequest req = new PaymentMethodEditRequest();
-
-        assertThatThrownBy(() -> paymentMethodService.edit(1L, 10L, req))
-                .isInstanceOf(ResponseStatusException.class)
-                .extracting(ex -> ((ResponseStatusException) ex).getStatusCode().value())
-                .isEqualTo(HttpStatus.BAD_REQUEST.value());
-    }
-
     @Test
     @DisplayName("CARD: BANK 필드가 빈문자/공백이면 무시(정규화)되어 성공")
     void edit_card_blank_bankFields_areIgnored() {
@@ -523,47 +509,6 @@ void edit_card_switch_default() {
         assertThat(otherDefault.getIsDefault()).isFalse(); // 기존 기본 해제 확인
     }
 
-    @Test
-    @DisplayName("BANK: 은행 필드만 부분 수정, CARD 필드는 null로 보장")
-    void edit_bank_success_updateBankFields() {
-        PaymentMethod entity = bankEntity(11L, member);
-        when(memberRepository.findById(1L)).thenReturn(Optional.of(member));
-        when(paymentMethodRepository.findByIdAndMemberAndDeletedFalse(11L, member)).thenReturn(Optional.of(entity));
-        when(paymentMethodRepository.existsByMemberAndAliasAndIdNotAndDeletedFalse(any(), anyString(), anyLong()))
-                .thenReturn(false);
-
-        PaymentMethodEditRequest req = new PaymentMethodEditRequest();
-        req.setAlias("월급통장");
-        req.setIsDefault(false);
-
-        PaymentMethodResponse res = paymentMethodService.edit(1L, 11L, req);
-
-        assertThat(res.getAlias()).isEqualTo("월급통장");
-        assertThat(res.getBankCode()).isEqualTo("088");
-        assertThat(res.getBankName()).isEqualTo("신한");
-        assertThat(res.getAcctLast4()).isEqualTo("9999");
-
-        assertThat(res.getBrand()).isNull();
-        assertThat(res.getLast4()).isNull();
-        assertThat(res.getExpMonth()).isNull();
-        assertThat(res.getExpYear()).isNull();
-    }
-
-    @Test
-    @DisplayName("BANK: 교차 타입(CARD) 필드가 값으로 오면 400")
-    void edit_bank_reject_cardFields() {
-        PaymentMethod entity = bankEntity(11L, member);
-        when(memberRepository.findById(1L)).thenReturn(Optional.of(member));
-        when(paymentMethodRepository.findByIdAndMemberAndDeletedFalse(11L, member)).thenReturn(Optional.of(entity));
-
-        PaymentMethodEditRequest req = new PaymentMethodEditRequest();
-
-        assertThatThrownBy(() -> paymentMethodService.edit(1L, 11L, req))
-                .isInstanceOf(ResponseStatusException.class)
-                .extracting(ex -> ((ResponseStatusException) ex).getStatusCode().value())
-                .isEqualTo(HttpStatus.BAD_REQUEST.value());
-    }
-
     @Test
     @DisplayName("BANK: CARD 필드가 빈문자/공백이면 무시(정규화)되어 성공")
     void edit_bank_blank_cardFields_areIgnored() {
@@ -659,5 +604,73 @@ void delete_default_withoutSuccessor_success() {
         verify(paymentMethodRepository).delete(target);
         verify(paymentMethodRepository).findFirstByMemberAndDeletedFalseOrderByCreateDateDesc(member);
     }
+
+    @Test
+    @DisplayName("billingKey 신규 등록: 첫 수단이면 기본 지정 + 스냅샷 저장")
+    void saveOrUpdate_create_new_default() {
+        // given
+        when(memberRepository.findById(1L)).thenReturn(Optional.of(member));
+        when(paymentMethodRepository.findFirstByMemberAndTokenAndDeletedFalse(member, "BILL-1"))
+                .thenReturn(Optional.empty());
+        when(paymentMethodRepository.countByMemberAndDeletedFalse(member)).thenReturn(0L);
+        // ★ 기존 기본 없음
+        when(paymentMethodRepository.findFirstByMemberAndIsDefaultTrueAndDeletedFalse(member))
+                .thenReturn(Optional.empty());
+        // ★ save 시 id 주입
+        when(paymentMethodRepository.save(any(PaymentMethod.class)))
+                .thenAnswer(inv -> {
+                    PaymentMethod pm = inv.getArgument(0);
+                    ReflectionTestUtils.setField(pm, "id", 77L);
+                    return pm;
+                });
+
+        TossIssueBillingKeyResponse res = TossIssueBillingKeyResponse.builder()
+                .billingKey("BILL-1").brand("KB").last4("1234").expMonth(12).expYear(2028).build();
+
+        // when
+        PaymentMethodResponse out = paymentMethodService.saveOrUpdateBillingKey(1L, res);
+
+        // then
+        assertThat(out).isNotNull();
+        assertThat(out.getId()).isEqualTo(77L);
+        assertThat(out.getIsDefault()).isTrue();
+        assertThat(out.getBrand()).isEqualTo("KB");
+        assertThat(out.getLast4()).isEqualTo("1234");
+
+        verify(paymentMethodRepository).save(any(PaymentMethod.class));
+    }
+
+
+    @Test
+    @DisplayName("billingKey 기존 존재: 스냅샷(brand/last4/exp)만 갱신")
+    void saveOrUpdate_update_snapshot_only() {
+        PaymentMethod existing = PaymentMethod.builder()
+                .member(member)
+                .methodType(PaymentMethodType.CARD)
+                .token("BILL-1")
+                .brand("OLD")
+                .last4("0000")
+                .isDefault(false)
+                .active(true)
+                .deleted(false)
+                .build();
+
+        ReflectionTestUtils.setField(existing, "id", 10L);
+        when(memberRepository.findById(1L)).thenReturn(Optional.of(member));
+        when(paymentMethodRepository.findFirstByMemberAndTokenAndDeletedFalse(member, "BILL-1"))
+                .thenReturn(Optional.of(existing));
+
+        var res = TossIssueBillingKeyResponse.builder()
+                .billingKey("BILL-1").brand("NEW").last4("9999").expMonth(1).expYear(2030).build();
+
+        PaymentMethodResponse out = paymentMethodService.saveOrUpdateBillingKey(1L, res);
+
+        assertThat(existing.getBrand()).isEqualTo("NEW");
+        assertThat(existing.getLast4()).isEqualTo("9999");
+        assertThat(existing.getExpMonth()).isEqualTo(1);
+        assertThat(existing.getExpYear()).isEqualTo(2030);
+        assertThat(out.getId()).isEqualTo(10L);
+        verify(paymentMethodRepository).save(existing);
+    }
 }